6 matches found
CVE-2024-5947
The CVE-2024-5947 issue affects Deep Sea Electronics DSE855. It arises from a missing authentication flow in the web UI that allows access to the configuration backup (Backup.bin), enabling network-adjacent attackers to disclose stored credentials. The flaw is exploitable without authentication v...
CVE-2024-5949
CVE-2024-5949 affects Deep Sea Electronics DSE855 devices. The flaw is in the handling of multipart boundaries, caused by a logic error that can trigger an infinite loop, enabling network-adjacent attackers to perform a denial-of-service. Authentication is not required. The available connected so...
CVE-2024-5952
CVE-2024-5952 affects Deep Sea Electronics DSE855 devices. The flaw is in the web-based UI where authentication is not required, allowing network-adjacent attackers to bypass auth and trigger a denial-of-service condition. Documented by ZDI (ZDI-24-676) and referenced in NVD/NVD-derived entries; ...
CVE-2024-5948
CVE-2024-5948 affects the Deep Sea Electronics DSE855 device. The vulnerability is a multipart boundary handling issue where the length of user-supplied data is not properly validated before copying to a fixed-length stack-based buffer, causing a stack-based buffer overflow that can lead to remot...
CVE-2024-5951
CVE-2024-5951 affects Deep Sea Electronics DSE855 devices. The flaw occurs in the web-based UI where there is a lack of authentication before granting access to functions, enabling network-adjacent attackers to trigger a denial-of-service by abusing authenticated-access gaps. Documents consistent...
CVE-2024-5950
CVE-2024-5950 affects Deep Sea Electronics DSE855 devices. The root cause is improper validation of the length of user-supplied data in multipart form handling, copying into a fixed-length stack-based buffer, leading to a stack-based buffer overflow and remote code execution. Exploitation is poss...